From 859f8ce782ce4d3b3914f09356d30ed55a676e44 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E7=8E=8B=E6=80=A7=E9=A9=8A?=
Date: Wed, 10 Jun 2026 15:22:17 +0800
Subject: [PATCH] delete old api document

---
 deploy/openldap/README.md | 2 +-
 deploy/openldap/bootstrap/10-people.ldif | 2 +
 deploy/zitadel/bootstrap_dev.py | 65 +++++++++++++++++++++---
 go.mod | 17 +++----
 go.sum | 3 +-
 5 files changed, 71 insertions(+), 18 deletions(-)

diff --git a/deploy/openldap/README.md b/deploy/openldap/README.md
index a9df42e..9127f11 100644
--- a/deploy/openldap/README.md
+++ b/deploy/openldap/README.md
@@ -58,7 +58,7 @@ make ldap-test # 確認 alice / bob 可查
 | User base DN | `ou=people,dc=gateway,dc=local` |
 | User object class | `inetOrgPerson` |
 | User unique attribute | `uid` |
-| User filters / Login filter | `(&(objectClass=inetOrgPerson)(uid=%s))` 或 `(uid=%s)` |
+| User filters / Login filter | `uid` |
 | Email attribute | `mail` |
 | Display name attribute | `cn` |
 | Username attribute | `uid` |
diff --git a/deploy/openldap/bootstrap/10-people.ldif b/deploy/openldap/bootstrap/10-people.ldif
index fb8af8c..22c0a72 100644
--- a/deploy/openldap/bootstrap/10-people.ldif
+++ b/deploy/openldap/bootstrap/10-people.ldif
@@ -16,6 +16,7 @@ sn: Dev
 givenName: Alice
 uid: alice
 mail: alice@gateway.local
+employeeType: true
 userPassword: Password1!
 
 dn: uid=bob,ou=people,dc=gateway,dc=local
@@ -28,4 +29,5 @@ sn: Dev
 givenName: Bob
 uid: bob
 mail: bob@gateway.local
+employeeType: true
 userPassword: Password1!
diff --git a/deploy/zitadel/bootstrap_dev.py b/deploy/zitadel/bootstrap_dev.py
index 136df16..cc18de2 100644
--- a/deploy/zitadel/bootstrap_dev.py
+++ b/deploy/zitadel/bootstrap_dev.py
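Review bot: `employeeType: true` on both fixture users is only meaningful because bootstrap_dev.py in this same commit maps ZITADEL's emailVerifiedAttribute to employeeType; nothing in the LDIF says so, and anyone reading the directory will take it for an ordinary HR attribute. Add a comment above the first occurrence, `# employeeType is repurposed as the IdP's emailVerifiedAttribute; "true" presumably makes ZITADEL treat mail as already verified`. Because the IdP is configured with isAutoCreation, every entry carrying this value gets an auto-provisioned account with that trust level, so the attribute should be writable only by whoever controls `mail`; a dev fixture is fine, but the comment should say this mapping is not meant for a production tree.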
@@ -29,8 +29,19 @@ APP_NAME = "Gateway Backend"
 REDIRECT_URIS = [
 "http://localhost:5173/auth/callback/login",
 "http://localhost:5173/auth/callback/register",
+ "http://localhost:5713/auth/callback/login",
+ "http://localhost:5713/auth/callback/register",
+ "http://127.0.0.1:5173/auth/callback/login",
+ "http://127.0.0.1:5173/auth/callback/register",
+ "http://127.0.0.1:5713/auth/callback/login",
+ "http://127.0.0.1:5713/auth/callback/register",
+]
+POST_LOGOUT_URIS = [
+ "http://localhost:5173/",
+ "http://localhost:5713/",
+ "http://127.0.0.1:5173/",
+ "http://127.0.0.1:5713/",
 ]
-POST_LOGOUT_URIS = ["http://localhost:5173/"]
 
 LDAP_BODY = {
 "name": LDAP_IDP_NAME,
@@ -41,7 +52,7 @@ LDAP_BODY = {
 "bindPassword": "admin",
 "userBase": "ou=people,dc=gateway,dc=local",
 "userObjectClasses": ["inetOrgPerson"],
- "userFilters": ["(uid=%s)"],
+ "userFilters": ["uid"],
 "attributes": {
 "idAttribute": "uid",
 "emailAttribute": "mail",
@@ -49,11 +60,14 @@ LDAP_BODY = {
 "lastNameAttribute": "sn",
 "displayNameAttribute": "cn",
 "nickNameAttribute": "uid",
+ "emailVerifiedAttribute": "employeeType",
+ },
+ "providerOptions": {
+ "isCreationAllowed": True,
+ "isLinkingAllowed": True,
+ "isAutoCreation": True,
+ "isAutoUpdate": True,
 },
- "creationAllowed": True,
- "linkingAllowed": True,
- "autoCreation": True,
- "autoUpdate": True,
 }
 
 
@@ -89,6 +103,10 @@ def api(method: str, path: str, body: dict | None = None) -> dict:
 raise BootstrapError(f"{method} {path} -> HTTP {e.code}: {detail}") from e
 
 
+def is_no_changes(err: BootstrapError) -> bool:
+ return "No changes" in str(err)
+
+
 def read_pat() -> str:
 if not PAT_FILE.is_file():
 raise BootstrapError(f"PAT missing: {PAT_FILE} (run make k6-wait)")
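Review bot: Port 5713 in the six new REDIRECT_URIS entries and two new POST_LOGOUT_URIS entries looks like a transposition of Vite's default 5173, which the pre-existing entries already use; if nothing actually listens on 5713 the eight entries only widen the exact-match redirect allow-list for no benefit. Either drop them or put a one-line comment above the list naming the tool, e.g. `# 5173: vite dev server; 5713: <tool> - both lists also cover 127.0.0.1`. Every entry is plain http on loopback, which ZITADEL only accepts because update_app_config later in this commit sets devMode, so a note such as `# dev-only: http + loopback URIs require devMode=True on the ZITADEL app` would stop the list being copied into a non-dev bootstrap.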
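Review bot: `"userFilters": ["uid"]` now holds an attribute name rather than an LDAP filter expression, which agrees with the README row changed in the same commit, but the literal gives no hint that the old `(uid=%s)` form is wrong for this API field. A trailing comment, `# attribute names ZITADEL matches the login name against, not LDAP filter syntax`, would keep someone from "fixing" it back. The LDAP_BODY literal starts before the hunk.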
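Review bot: `"emailVerifiedAttribute": "employeeType"` together with `isAutoCreation` and `isAutoUpdate` means any directory entry whose employeeType reads `true` is auto-provisioned in ZITADEL with its `mail` value presumably treated as already verified, so whoever can write that attribute in LDAP decides verified-email status for the gateway. The fixture users receive `employeeType: true` in the same commit, which is fine for dev, but nothing here records that a stock inetOrgPerson attribute has been repurposed. Add above the line `# employeeType is repurposed as the "email verified" flag (see openldap/bootstrap/10-people.ldif); it must stay admin-writable only`, and leave `isAutoUpdate` off unless the LDAP tree is meant to be the source of truth for profile fields, since it lets directory edits overwrite ZITADEL-side data on every login. The LDAP_BODY literal starts before the hunk.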
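Review bot: is_no_changes decides idempotency by substring-matching `"No changes"` against the whole formatted BootstrapError, which also carries the method, path and HTTP code, so any response whose detail happens to contain those words, or a future wording change on the ZITADEL side, silently flips a call between "already up to date" and a raised error. The helper needs a docstring that states this contract, e.g. `"""True if *err* is ZITADEL's rejection of a PUT that would change nothing; matched on message text only, so revisit if the API wording changes."""`. If the api() error path can surface the status code separately from the detail, matching on code plus detail would be tighter than scanning the formatted string; api's body is outside the hunk.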
@@ -150,6 +168,13 @@ def ensure_ldap_idp() -> str:
 policy, is_default = login_policy()
 existing = find_ldap_idp_in_policy(policy)
 if existing:
+ try:
+ api("PUT", f"/management/v1/idps/ldap/{existing}", LDAP_BODY)
+ log("updated LDAP IdP config")
+ except BootstrapError as e:
+ if not is_no_changes(e):
+ raise
+ log("LDAP IdP config already up to date")
 log(f"LDAP IdP already linked: {existing}")
 return existing
 
@@ -268,6 +293,33 @@ def create_app(project_id: str) -> tuple[str, str, str]:
 return app_id, client_id, client_secret
 
 
+def update_app_config(project_id: str, app_id: str) -> None:
+ try:
+ api(
+ "PUT",
+ f"/management/v1/projects/{project_id}/apps/{app_id}/oidc_config",
+ {
+ "redirectUris": REDIRECT_URIS,
+ "responseTypes": ["OIDC_RESPONSE_TYPE_CODE"],
+ "grantTypes": [
+ "OIDC_GRANT_TYPE_AUTHORIZATION_CODE",
+ "OIDC_GRANT_TYPE_REFRESH_TOKEN",
+ ],
+ "appType": "OIDC_APP_TYPE_WEB",
+ "authMethodType": "OIDC_AUTH_METHOD_TYPE_BASIC",
+ "postLogoutRedirectUris": POST_LOGOUT_URIS,
+ "devMode": True,
+ "accessTokenType": "OIDC_TOKEN_TYPE_BEARER",
+ },
+ )
+ except BootstrapError as e:
+ if not is_no_changes(e):
+ raise
+ log("OIDC app redirect URIs already up to date")
+ return
+ log("updated OIDC app redirect URIs")
+
+
 def regenerate_secret(project_id: str, app_id: str) -> str:
 data = api(
 "POST",
@@ -289,6 +341,7 @@ def ensure_oidc_app(saved: dict[str, str]) -> tuple[str, str]:
 return client_id, client_secret
 
 log(f"OIDC app exists client_id={client_id}")
+ update_app_config(project_id, app_id)
 saved_id = saved.get("ZITADEL_OAUTH_CLIENT_ID", "")
 saved_secret = saved.get("ZITADEL_OAUTH_CLIENT_SECRET", "")
 if saved_id == client_id and saved_secret:
diff --git a/go.mod b/go.mod
index 8cd570e..be72e2d 100644
--- a/go.mod
+++ b/go.mod
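Review bot: The new PUT unconditionally re-applies the whole of LDAP_BODY - bind DN and password, filters, attribute mapping and providerOptions - to an IdP that already exists, so any change an operator made to the dev IdP through the console is reverted on the next bootstrap run, and `log("updated LDAP IdP config")` does not say what was overwritten. If that is the intent, state it above the `try:`, e.g. `# this script is the source of truth for the dev LDAP IdP; console edits are overwritten on every run`. Logging the IdP id on the update path would also help correlate the change with the ZITADEL audit log. ensure_ldap_idp starts before the hunk; the hunk ends with its return.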
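Review bot: update_app_config rewrites the entire OIDC config - grant types, auth method, app type, devMode and token type - but the function name and both log lines speak only of redirect URIs, so a reader will not expect this call to flip, say, `"authMethodType"` back to BASIC after someone changed it in the console. Change the two messages to `log("OIDC app config already up to date")` and `log("updated OIDC app config")`, and give the function a docstring along the lines of `"""Re-apply the dev OIDC app config (redirect and post-logout URIs, code+refresh grants, BASIC client auth, devMode) to an existing app; ZITADEL's 'No changes' rejection counts as success."""`. The literal presumably mirrors what create_app sends (create_app is outside the hunk), so hoisting it into one module-level constant would keep the two from drifting. `"devMode": True` is what lets the plain-http loopback redirect URIs through and must stay confined to this dev bootstrap.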
@@ -4,10 +4,17 @@ go 1.26.1
 
 require (
 github.com/alicebob/miniredis/v2 v2.37.0
+ github.com/aws/aws-sdk-go-v2 v1.36.3
+ github.com/aws/aws-sdk-go-v2/credentials v1.17.61
+ github.com/aws/aws-sdk-go-v2/service/ses v1.30.0
+ github.com/casbin/casbin/v2 v2.135.0
 github.com/go-playground/locales v0.14.1
 github.com/go-playground/universal-translator v0.18.1
 github.com/go-playground/validator/v10 v10.30.2
+ github.com/golang-jwt/jwt/v4 v4.5.2
 github.com/google/uuid v1.6.0
+ github.com/minchao/go-mitake v1.0.0
+ github.com/redis/go-redis/v9 v9.18.0
 github.com/shopspring/decimal v1.4.0
 github.com/stretchr/testify v1.11.1
 github.com/zeromicro/go-zero v1.10.1
@@ -15,18 +22,15 @@ require (
 go.uber.org/mock v0.6.0
 golang.org/x/crypto v0.49.0
 google.golang.org/grpc v1.79.3
+ gopkg.in/gomail.v2 v2.0.0-20160411212932-81ebce5c23df
 )
 
 require (
- github.com/aws/aws-sdk-go-v2 v1.36.3 // indirect
- github.com/aws/aws-sdk-go-v2/credentials v1.17.61 // indirect
 github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.34 // indirect
 github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.34 // indirect
- github.com/aws/aws-sdk-go-v2/service/ses v1.30.0 // indirect
 github.com/aws/smithy-go v1.22.2 // indirect
 github.com/beorn7/perks v1.0.1 // indirect
 github.com/bmatcuk/doublestar/v4 v4.6.1 // indirect
- github.com/casbin/casbin/v2 v2.135.0 // indirect
 github.com/casbin/govaluate v1.3.0 // indirect
 github.com/cenkalti/backoff/v5 v5.0.3 // indirect
 github.com/cespare/xxhash/v2 v2.3.0 // indirect
@@ -36,7 +40,6 @@ require (
 github.com/gabriel-vasile/mimetype v1.4.13 // indirect
 github.com/go-logr/logr v1.4.3 // indirect
 github.com/go-logr/stdr v1.2.2 // indirect
- github.com/golang-jwt/jwt/v4 v4.5.2 // indirect
 github.com/grafana/pyroscope-go v1.2.8 // indirect
 github.com/grafana/pyroscope-go/godeltaprof v0.1.9 // indirect
 github.com/grpc-ecosystem/grpc-gateway/v2 v2.27.7 // indirect
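Review bot: `gopkg.in/gomail.v2 v2.0.0-20160411212932-81ebce5c23df` becomes a direct dependency here, and the pseudo-version shows it is pinned to an April 2016 commit with no tagged release behind it, so the service now imports its mail-sending path from code that has not been updated in years and will not receive security fixes. That deserves a `// gomail.v2: no upstream releases since 2016; replacement tracked in <issue>` comment on the line, or an entry in whatever dependency policy the repo keeps, plus a look at a maintained SMTP client before this leaves dev. The same hunk also promotes aws-sdk-go-v2/service/ses to direct, so there appear to be two outbound-mail paths; noting which one is the default would help reviewers of the sending code.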
@@ -44,7 +47,6 @@ require (
 github.com/leodido/go-urn v1.4.0 // indirect
 github.com/mattn/go-colorable v0.1.13 // indirect
 github.com/mattn/go-isatty v0.0.20 // indirect
- github.com/minchao/go-mitake v1.0.0 // indirect
 github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
 github.com/openzipkin/zipkin-go v0.4.3 // indirect
 github.com/pelletier/go-toml/v2 v2.3.0 // indirect
@@ -53,8 +55,6 @@ require (
 github.com/prometheus/client_model v0.6.2 // indirect
 github.com/prometheus/common v0.66.1 // indirect
 github.com/prometheus/procfs v0.16.1 // indirect
- github.com/redis/go-redis/v9 v9.18.0 // indirect
- github.com/skip2/go-qrcode v0.0.0-20200617195104-da1b6568686e // indirect
 github.com/spaolacci/murmur3 v1.1.0 // indirect
 github.com/titanous/json5 v1.0.0 // indirect
 github.com/xdg-go/pbkdf2 v1.0.0 // indirect
@@ -84,7 +84,6 @@ require (
 google.golang.org/genproto/googleapis/rpc v0.0.0-20260128011058-8636f8732409 // indirect
 google.golang.org/protobuf v1.36.11 // indirect
 gopkg.in/alexcesaro/quotedprintable.v3 v3.0.0-20150716171945-2caba252f4dc // indirect
- gopkg.in/gomail.v2 v2.0.0-20160411212932-81ebce5c23df // indirect
 gopkg.in/yaml.v2 v2.4.0 // indirect
 gopkg.in/yaml.v3 v3.0.1 // indirect
 )
diff --git a/go.sum b/go.sum
index 1aec5fa..85563bf 100644
--- a/go.sum
+++ b/go.sum
@@ -51,6 +51,7 @@ github.com/go-playground/validator/v10 v10.30.2 h1:JiFIMtSSHb2/XBUbWM4i/MpeQm9ZK
 github.com/go-playground/validator/v10 v10.30.2/go.mod h1:mAf2pIOVXjTEBrwUMGKkCWKKPs9NheYGabeB04txQSc=
 github.com/golang-jwt/jwt/v4 v4.5.2 h1:YtQM7lnr8iZ+j5q71MGKkNw9Mn7AjHM68uc9g5fXeUI=
 github.com/golang-jwt/jwt/v4 v4.5.2/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0=
+github.com/golang/mock v1.4.4 h1:l75CXGRSwbaYNpl/Z2X1XIIAMSCquvXgpVZDhwEIJsc=
 github.com/golang/mock v1.4.4/go.mod h1:l3mdAwkq5BuhzHwde/uurv3sEJeZMXNpwsxVWU71h+4=
 github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek=
 github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps=
@@ -111,8 +112,6 @@ github.com/rogpeppe/go-internal v1.14.1 h1:UQB4HGPB6osV0SQTLymcB4TgvyWu6ZyliaW0t
 github.com/rogpeppe/go-internal v1.14.1/go.mod h1:MaRKkUm5W0goXpeCfT7UZI6fk/L7L7so1lCWt35ZSgc=
 github.com/shopspring/decimal v1.4.0 h1:bxl37RwXBklmTi0C79JfXCEBD1cqqHt0bbgBAGFp81k=
 github.com/shopspring/decimal v1.4.0/go.mod h1:gawqmDU56v4yIKSwfBSFip1HdCCXN8/+DMd9qYNcwME=
-github.com/skip2/go-qrcode v0.0.0-20200617195104-da1b6568686e h1:MRM5ITcdelLK2j1vwZ3Je0FKVCfqOLp5zO6trqMLYs0=
-github.com/skip2/go-qrcode v0.0.0-20200617195104-da1b6568686e/go.mod h1:XV66xRDqSt+GTGFMVlhk3ULuV0y9ZmzeVGR4mloJI3M=
 github.com/spaolacci/murmur3 v1.1.0 h1:7c1g84S4BPRrfL5Xrdp6fOJ206sU9y293DDHaoy0bLI=
 github.com/spaolacci/murmur3 v1.1.0/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA=
 github.com/stretchr/objx v0.5.2 h1:xuMeJ0Sdp5ZMRXx/aWO6RZxdr3beISkG5/G/aIRr3pY=